Low-degree planar polynomials over finite fields of characteristic two

Low-degree planar polynomials over finite fields of characteristic two

Journal of Algebra 535 (2019) 541–555 Contents lists available at ScienceDirect Journal of Algebra www.elsevier.com/locate/jalgebra Low-degree plan...
Download PDF
361KB Sizes 0 Downloads 50 Views
Report

Journal of Algebra 535 (2019) 541–555

Contents lists available at ScienceDirect

Journal of Algebra www.elsevier.com/locate/jalgebra

Low-degree planar polynomials over finite fields of characteristic two Daniele Bartoli a , Kai-Uwe Schmidt b,∗ a

Department of Mathematics and Computer Science, University of Perugia, Perugia, 06123, Italy b Department of Mathematics, Paderborn University, Warburger Str. 100, 33098 Paderborn, Germany

a r t i c l e

i n f o

Article history: Received 17 September 2018 Available online 28 June 2019 Communicated by William M. Kantor Keywords: Planar function APN function Exceptional Absolutely irreducible polynomial Algebraic curve

a b s t r a c t Planar functions are mappings from a finite field Fq to itself with an extremal differential property. Such functions give rise to finite projective planes and other combinatorial objects. There is a subtle difference between the definitions of these functions depending on the parity of q and we consider the case that q is even. We classify polynomials of degree at most q 1/4 that induce planar functions on Fq , by showing that such polynomials are precisely those in which the degree of every monomial is a power of two. As a corollary we obtain a complete classification of exceptional planar polynomials, namely polynomials over Fq that induce planar functions on infinitely many extensions of Fq . The proof strategy is to study the number of Fq -rational points of an algebraic curve attached to a putative planar function. Our methods also give a simple proof of a new partial result for the classification of almost perfect nonlinear functions. © 2019 Elsevier Inc. All rights reserved.

* Corresponding author. E-mail addresses: [email protected] (D. Bartoli), [email protected] (K.-U. Schmidt). https://doi.org/10.1016/j.jalgebra.2019.06.026 0021-8693/© 2019 Elsevier Inc. All rights reserved.

542

D. Bartoli, K.-U. Schmidt / Journal of Algebra 535 (2019) 541–555

1. Introduction and results Let q be a prime power. If q is odd, a function f : Fq → Fq is planar or perfect nonlinear if, for each nonzero  ∈ Fq , the function x → f (x + ) − f (x)

(1)

is a permutation on Fq . Such planar functions can be used to construct finite projective planes [8], relative difference sets [11], error-correcting codes [4], and S-boxes in block ciphers [19]. If q is even, a function f : Fq → Fq cannot satisfy the above definition of planar functions because x = a and x = a +  are mapped by (1) to the same image. This is the motivation to define a function f : Fq → Fq for even q to be almost perfect nonlinear (APN) if (1) is a 2-to-1 map. Such functions are highly relevant again for the construction of S-boxes in block ciphers [19]. However, there is no apparent link between APN functions and projective planes. More recently, Zhou [25] defined a natural analogue of planar functions on finite fields of characteristic two: If q is even, a function f : Fq → Fq is planar if, for each nonzero  ∈ Fq , the function x → f (x + ) + f (x) + x is a permutation on Fq . As shown by Zhou [25] and Schmidt and Zhou [24], such planar functions have similar properties and applications as their counterparts in odd characteristic. We refer to [20] for an excellent survey of recent results for the functions defined above. The main result of this paper is a classification of the latter type of planar functions, namely those defined in characteristic two. Recall that every function from Fq to itself is induced by a polynomial in Fq [X] of degree at most q − 1. A polynomial f ∈ Fq [X] is called a 2-polynomial if the degree of every monomial in f is a power of two. For even q, such polynomials trivially induce planar functions on Fqr for all r ≥ 1. We show that among all polynomials of sufficiently small degree there are no other planar functions in characteristic two. From now on q will always be a power of two. Theorem 1.1. Let f ∈ Fq [X] be a polynomial of degree at most q 1/4 . If f is planar on Fq , then f is a 2-polynomial. Now consider polynomials f ∈ Fq [X] with the property that f is planar on Fqr for infinitely many positive integers r. As in [6], we call such a polynomial an exceptional planar polynomial. As a corollary, we obtain a complete classification of such polynomials.

D. Bartoli, K.-U. Schmidt / Journal of Algebra 535 (2019) 541–555

543

Corollary 1.2. If f ∈ Fq [X] is an exceptional planar polynomial, then f is a 2-polynomial. Theorem 1.1 considerably strengthens the main result of [18], which is the specialisation of Theorem 1.1 to the case that f is a monomial. It should be noted that there are examples of planar functions on Fq for even q that are not induced by 2-polynomials, see [14,21,23–25]. Of course all of these examples have degree larger than q 1/4 . Our methods also give a simple proof of a partial classification result for APN functions. As in [1], we call a polynomial f ∈ Fq [X] an exceptional APN polynomial if f induces an APN function on Fqr for infinitely many positive integers r. It is well k known (see [20], for example) that, for each positive integer k, the monomials X 2 +1 k k and X 4 −2 +1 are exceptional APN polynomials, also called Gold and Kasami-Welch monomials, respectively. In fact these monomials induce APN functions on F2r for all positive integers r that are coprime to k. The following conjecture was proposed by Aubry, McGuire, and Rodier [1]. Conjecture 1.3 ([1]). If f ∈ Fq [X] is an exceptional APN polynomial, then f is equivalent to a Gold or a Kasami-Welch monomial. In this conjecture, equivalence refers to CCZ-equivalence, whose precise definition is not required here (see [3] for details). Conjecture 1.3 has been proved by Hernando and McGuire [12] in the case that f is a monomial and many other special cases have been proved in several papers. We refer to [7] for a nice survey of the extensive recent literature on Conjecture 1.3. We give a simple proof of the following new result. Proposition 1.4. Let f ∈ Fq [X] be a polynomial of even degree d at most q 1/4 . If f is APN on Fq , then 4 | d. Proposition 1.4 solves one of the five pending cases listed in [7, Section 4] and strengthens [1, Theorem 2.4] essentially by removing the additional assumption that f has a term of odd degree. In our proof of Theorem 1.1 we study an algebraic surface depending on a polynomial f ∈ Fq [X], such that if f ∈ Fq [X] induces a planar function on Fq , then the surface has only very few Fq -rational points. This surface is then intersected with a plane and we consider the resulting algebraic curve. The difficult part is to show that this curve has a component defined by an absolutely irreducible polynomial with coefficients in Fq . The Hasse-Weil bound then asserts that the curve, and so also the surface, has many Fq -rational points, provided that the degree of f is not too large. This leads to a contradiction unless f is a 2-polynomial. This approach seems to be first used by Janwa and Wilson [15] for monomial APN functions and by Aubry, McGuire, and Rodier [1] for general APN functions. Besides the classification problem for APN functions, classification problems for other combinatorial

544

D. Bartoli, K.-U. Schmidt / Journal of Algebra 535 (2019) 541–555

objects have been attacked with this method, for example for planar functions in odd characteristic [6,17,26], hyperovals [5,13,26], and maximum scattered linear sets [2]. However a complete classification, as in Corollary 1.2, has been obtained so far only in one other case, namely in the classification problem for polynomials that induce hyperovals in finite Desarguesian planes [5]. We also remark that our methods for proving absolute irreducibility differ considerably from previous techniques. 2. Proof strategy In this section we present the principal approach for proving Theorem 1.1. In Section 4 we then describe the required modifications of this approach to obtain a simple proof of Proposition 1.4. Let q be a power of two and let f ∈ Fq [X] be a nonzero polynomial in which the degree of every monomial is not a power of two. Note that there is no loss of generality here since the addition of a 2-polynomial preserves the planarity of the function induced by f . Define the polynomial φ(X, Y, W ) =

f (X + W ) + f (X) + W X + f (Y + W ) + f (Y ) + W Y . (X + Y )W

It is a direct consequence of the definition of planar functions that f induces a planar function on Fq if and only if all Fq -rational points on the affine surface defined by φ(X, Y, W ) = 0 satisfy X = Y or W = 0. Put ψ(X, Y, Z) = φ(X, Y, X + Z), so that ψ(X, Y, Z) = 1 +

f (X) + f (Y ) + f (Z) + f (X + Y + Z) . (X + Y )(X + Z)

Then f induces a planar function on Fq if and only if all Fq -rational points of the affine surface defined by ψ(X, Y, Z) = 0 satisfy X = Y or X = Z. Now write

f=

d 

Ai X i ,

i=0

where Ad = 0. Since d is not a power of two, the homogenised form of ψ is  ψ(X, Y, Z, T ) = T d−2 +

d  i=3

Ai

X i + Y i + Z i + (X + Y + Z)i d−i T . (X + Y )(X + Z)

 We study the intersection of the projective surface defined by ψ(X, Y, Z, T ) = 0 with the plane defined by Z = X +1. In fact, we consider the affine curve defined by F (X, Y ) = 0,  where F (X, Y ) = ψ(X, 1, X + 1, Y ). We have

D. Bartoli, K.-U. Schmidt / Journal of Algebra 535 (2019) 541–555

F (X, Y ) = Y d−2 +

d 

Ai

i=3

545

X i + 1 + (X + 1)i d−i Y X +1

and, after expanding,

F (X, Y ) = Y

d−2

+

d 

Ai Y

i=3

d−i

   i−1   i−1 + 1 Xk. k

(2)

k=0

If f induces a planar function on Fq , then all Fq -rational points of the affine curve defined by F (X, Y ) = 0 satisfy X = 1 or Y = 0. The following result is a consequence of the Hasse-Weil bound for the number of Fq -rational points on curves. Proposition 2.1. Let f ∈ Fq [X] be a polynomial of degree at most q 1/4 in which the degree of every monomial is not a power of two. If F has an absolutely irreducible factor over Fq , then f does not induce a planar function on Fq . Proof. Let d be the degree of f . Then the degree of F is d − 2. Since d is not a power of two, we have d ≥ 3, so that q ≥ 27 . Suppose that F has an absolutely irreducible factor over Fq . Then, by the Hasse-Weil bound (see [10, Theorem 5.4.1], for example), the number of Fq -rational points on the affine curve defined by F (X, Y ) = 0 is at least q − (d − 3)(d − 4)q 1/2 − d + 3. Since F (1, Y ) and F (X, 0) are polynomials of degree at most d − 2, the number of Fq -rational points that are not on the lines X = 1 or Y = 0 is at least q − (d − 3)(d − 4)q 1/2 − 3d + 7, which (since d ≤ q 1/4 and q ≥ 27 ) is positive. The discussion preceding the proposition then implies that f is not planar. 2 The difficulty in applying Proposition 2.1 is to show that the polynomial F has an absolutely irreducible factor over Fq . Our strategy will be to apply certain transformations repeatedly to F and then use the following lemma. Lemma 2.2. Let G ∈ Fq [X, Y ] be a nonzero polynomial and define H(X, Y ) =

G(X, XY ) , Xn

where n is the smallest degree of a monomial in G. If H has an absolutely irreducible factor in Fq [X, Y ], then G has an absolutely irreducible factor in Fq [X, Y ].

546

D. Bartoli, K.-U. Schmidt / Journal of Algebra 535 (2019) 541–555

Proof. Suppose that H has an absolutely irreducible factor over Fq . We may as well suppose that H itself is absolutely irreducible. Assume that we can factor G as G = AB, where A, B ∈ Fqr [X, Y ] for some positive integer r and A and B have positive degree. Then we have H(X, Y ) =

A(X, XY ) B(X, XY ) Xa Xb

(3)

for some nonnegative integers a and b satisfying a + b = n. If A = γX a or B = γX b for some nonzero γ ∈ Fqr , then clearly G has an absolutely irreducible factor in Fq [X, Y ]. Otherwise, both of the factors on the right-hand side of (3) have positive degree, contradicting that H is absolutely irreducible. 2 Now let H ∈ Fq [X, Y ] be a polynomial and let P = (x0 , y0 ) be a point in the plane. Write H(X + x0 , Y + y0 ) = H0 (X, Y ) + H1 (X, Y ) + H2 (X, Y ) + · · · , where Hi is either the zero polynomial or a homogeneous polynomial of degree i. If Hm = 0 and Hi = 0 for all i < m, then the polynomial Hm is called the tangent cone of F at P . Whenever we refer to the tangent cone of a polynomial without specific reference to a point, we mean the tangent cone at the origin (0, 0). The following lemma gives a simple criterion for the existence of an absolutely irreducible factor over Fq of a polynomial in Fq [X, Y ]. Lemma 2.3. Let H ∈ Fq [X, Y ] and suppose that the tangent cone of H contains a reduced linear factor over Fq . Then H has an absolutely irreducible factor over Fq . Proof. Note that the tangent cone of the product of two polynomials is the product of the individual tangent cones. Therefore, we may assume without loss of generality that H is irreducible in Fq [X, Y ], otherwise consider the appropriate factor of H in Fq [X, Y ]. By a routine argument (see [16], for example) there exists c ∈ Fq and an absolutely irreducible polynomial h ∈ Fqr [X, Y ] for some positive integer r such that H=c



σ(h),

σ∈Gal(Fqr /Fq )

where σ(h) means that σ is applied to the coefficients of h. Letting T ∈ Fq [X, Y ] be the tangent cone of H and t ∈ Fqr [X, Y ] be the tangent cone of h, we have T =c



σ(t).

σ∈Gal(Fqr /Fq )

Since T contains a reduced linear factor over Fq , there is a unique σ ∈ Gal(Fqr /Fq ) such that σ(h) is divisible by this factor. But since this factor is in Fq [X, Y ], it divides

D. Bartoli, K.-U. Schmidt / Journal of Algebra 535 (2019) 541–555

547

σ(t) for every σ ∈ Gal(Fqr /Fq ). This forces r = 1 and thus H is already absolutely irreducible. 2 The following proposition combines Proposition 2.1 and Lemmas 2.2 and 2.3 and summarises the main tool in our proof of Theorem 1.1. Proposition 2.4. Let f ∈ Fq [X] be a polynomial of degree at most q 1/4 in which the degree of every monomial is not a power of two. Suppose that after the application of a sequence of variable substitutions and transformations of the form g(X, Y ) → g(X, XY )/X n , where n is the smallest degree of a monomial in g, to the associated polynomial F , we arrive at a polynomial whose tangent cone contains a reduced linear factor over Fq . Then F has an absolutely irreducible factor over Fq and consequently f cannot be planar. We shall also frequently use the following corollary to Lucas’s theorem (see [9], for example). n

Lemma 2.5. The binomial coefficient m is even if and only if at least one of the base-2 digits of m is greater than the corresponding digit of n. ν(i)

A consequence of Lemma 2.5 is that, if i is not a power of two, then X 2 Y d−i is the monomial of smallest degree in F (X, Y ) with coefficient Ai , where ν(i) is the 2-adic valuation of i. Note also that the only monomial in F of the form Y i is Y d−2 . We shall frequently use these facts without specific reference in our proof of Theorem 1.1. 3. Proof of Theorem 1.1 As before, we assume that f ∈ Fq [X] is a nonzero polynomial in which the degree of every monomial is not a power of two. We now assume in addition that the degree of f is at most q 1/4 and that f is planar on Fq . We show that this leads to a contradiction. We shall study the associated polynomial F given in (2). Put F0 = F and define F1 , F2 , . . . , Ft recursively by Fr (X, Y ) =

Fr−1 (XY, Y ) , Y nr

where nr is the smallest degree of a monomial in Fr−1 and t is the smallest number such that the tangent cone of Ft (at the origin) is not divisible by X. This t exists because of the presence of the monomial Y d−2 in F . Since f is not a 2-polynomial, we also have t ≥ 1. Define u to be the smallest integer such that the tangent cone of Ft−1 contains u the monomial X 2 Y  for some  (by “contain” we mean that the monomial is present with some nonzero coefficient). u In the first part of the proof we show that the tangent cone of Ft equals Y 2 −2 . To do so, we consider the polynomial G(X, Y ) = F (X + 1, Y ), so that

548

D. Bartoli, K.-U. Schmidt / Journal of Algebra 535 (2019) 541–555

G(X, Y ) = Y d−2 +

d 

Ai

i=3

X i + 1 + (X + 1)i d−i Y . X

For 3 ≤ i ≤ d and 1 ≤ k ≤ i − 1, the coefficient of X k−1 Y d−i in G is Ai then implies that, if i is not a power of two, then ν(i)

X2

−1

i

k . Lemma 2.5

Y d−i

is the monomial of smallest degree in G with coefficient Ai (recall that ν(i) is the 2-adic valuation of i). Put G0 = G and define G1 , G2 , . . . , Gt recursively by Gr (X, Y ) =

Gr−1 (XY, Y ) , Y nr −1

where n1 , n2 , . . . , nr are the same numbers that occur in the definition of F1, F2 , . . . , Ft . Note that nr − 1 is the smallest degree of a monomial in Gr−1 , so that we can apply Proposition 2.4 to G1 , G2 , . . . , Gt . u In order to prove that the tangent cone of Ft equals Y 2 −2 , we require the following two lemmas Lemma 3.1. We have 2 ≤ u ≤ ν(d). Proof. By assumption, f contains no monomials whose degree is a power of two. In particular d is not a power of two. Hence F , and therefore also Ft−1 , contains the ν(d) monomial X 2 . Thus we have u ≤ ν(d). If u = 0, then the tangent cone of Ft−1 would be divisible by X, but not by X 2 . This leads to a contradiction by Proposition 2.4. Now suppose that u = 1. Then the tangent cone of Ft−1 contains the monomial X 2 Y  for some  and does not contain the monomial XY +1 . By the remarks preceding the lemma, for r < t, the tangent cone of Gr equals the tangent cone of Fr divided by X. Therefore the tangent cone of Gt−1 is divisible by X and not by X 2 . This again leads to a contradiction by Proposition 2.4. 2 Lemma 3.2. For all r ≤ t we have 2u | nr . Proof. By Lemma 3.1 we have u ≤ ν(d), and so 2u | d. Let s be an integer satisfying 0 ≤ s ≤ t − 1 and assume that 2u | nr for all r ≤ s, which is vacuously true for s = 0. We u proceed by induction on s. Recall that Ft−1 contains the monomial X 2 Y  for some . The preimage in Fs of this monomial is of the form u

u

X2 Y 2

s−n1 −···−ns +d−i

(4)

for some i satisfying ν(i) = u. By the inductive hypothesis, 2u divides the degree of (4). Now suppose that Fs also contains a monomial

D. Bartoli, K.-U. Schmidt / Journal of Algebra 535 (2019) 541–555

ν(j)

X2

ν(j)

Y2

s−n1 −···−ns +d−j

549

(5)

of degree smaller than the degree of (4). If ν(j) < u, then by looking at the image in Ft−1 of (5), we find a contradiction to the minimality of u. Otherwise, 2u divides the degree of (5) and so 2u divides the smallest degree of a monomial in Fs . Hence 2u | ns+1 , as required. 2 u

We now show that the tangent cone of Ft equals Y 2 u

Lemma 3.3. The tangent cone of Ft is Y 2

−2

−2

.

.

Proof. Notice that, since the tangent cone of Ft is not divisible by X, it must contain the image of the monomial Y d−2 in F , namely Y d−2−n1 −···−nt . Since 2u | d by Lemma 3.1 and 2u | nr for all r ≤ t by Lemma 3.2, we find that the tangent cone of Ft contains Y j for some j satisfying j ≡ −2 (mod 2u ). u By definition, the tangent cone of Ft−1 contains X 2 Y  for some , and therefore Ft u contains X 2 . Hence the tangent cone of Ft has degree at most 2u . Since we also have u ≥ 2 by Lemma 3.1, we find that j = 2u − 2. Hence the tangent cone of Ft has degree 2u − 2. v u v Now suppose for a contradiction that the tangent cone of Ft contains X 2 Y 2 −2−2 for some integer v satisfying 0 ≤ v < u. By Lemma 3.2, the preimage in F of this monomial v is of the form X 2 Y  for some  satisfying  ≡ −2 (mod 2v ). If v ≥ 2, then Lemma 2.5 implies that F also contains X 2 Y  , whose image in Ft has degree strictly smaller than 2u − 2, a contradiction. If v = 1, then the tangent cone of Ft equals u

αX 2 Y 2

−4

u

+ βXY 2

−3

u

+Y2

−2

for some α, β ∈ Fq with α = 0, and the tangent cone of Gt equals u

αXY 2

−4

u

+ βY 2

−3

u

=Y2

−4

(αX + βY ),

which gives a contradiction by Proposition 2.4. If v = 0, then the tangent cone of Ft u must be Y 2 −3 (βX + Y ) for some β ∈ Fq with β = 0, which again gives a contradiction by Proposition 2.4. 2 In view of Lemma 3.3, define Ft+1 (X, Y ) =

Ft (X, XY ) . X 2u −2

Then Ft+1 still contains Y 2 −2 and the tangent cone of Ft+1 has degree 2 and contains u u X 2 (coming from X 2 Y  in Ft−1 ). Note that, since Y 2 −2 is the unique monomial of u degree 2u − 2 in Ft , the only monomial of the form Y i in Ft+1 is Y 2 −2 . u

550

D. Bartoli, K.-U. Schmidt / Journal of Algebra 535 (2019) 541–555

Now define Ft+1 (XY 2 −2 , Y ) . Y 2u −4 u−1

Ft+2 (X, Y ) =

Note that Ft+2 is obtained from Ft+1 by 2u−1 − 2 applications of the transformation g(X, Y ) → g(XY, Y )/Y 2 . Also, in each step the smallest degree of a monomial is 2: a constant term cannot appear because Ft+1 contains only one monomial that is pure in u Y , namely Y 2 −2 , and a linear tangent cone would lead to a contradiction by Proposition 2.4. The tangent cone of Ft+2 contains X 2 and Y 2 . We now show that it does not contain XY . Lemma 3.4. The tangent cone of Ft+2 equals αX 2 + Y 2 for some nonzero α ∈ Fq . u

Proof. A monomial X k Y j in Ft is mapped to X k+j−2 u

X k+j−2

+2

u−1

Y (2

+2

Y j in Ft+1 and to

−2)(k+j−2u +2)+j−2u +4

in Ft+2 . Now suppose, for a contradiction, that the latter monomial is XY , which means that k = 2u−1 and j = 2u−1 − 1. Since u ≥ 2 by Lemma 3.1 and 2u | nr for all r ≤ t by u−1 Lemma 3.2, the corresponding monomial in F is X 2 Y  for some odd . Lemma 2.5 then implies that F also contains the monomial XY  with the same nonzero coefficient u−1 as X 2 Y  . However, since u ≥ 2 and t ≥ 1, the image in Ft of XY  has degree strictly smaller than 2u − 1. This contradicts Lemma 3.3, namely that the tangent cone of Ft u equals Y 2 −2 . 2 In the remainder of our proof of Theorem 1.1 we shall apply further transformations to Ft+2 , which will ultimately lead to a contradiction. To do so, we first study the images in Ft+2 of the monomials in F . We record the properties of these images in the following lemma. Lemma 3.5. Suppose that F contains the monomial X k Y d−i . Then its image in Ft+2 is X r Y s , where r = k(t + 1) − i + 2, s = k(2u−1 (t + 1) − t − 2) − i(2u−1 − 1) + 2u . Proof. The image in Ft of X k Y d−i is X k Y kt+d−i−n1 −···−nt = X k Y kt−i+2 , u

since

D. Bartoli, K.-U. Schmidt / Journal of Algebra 535 (2019) 541–555 t 

551

nr = (d − 2) − (2u − 2) = d − 2u ,

r=1

using Lemma 3.3. Then the image in Ft+1 of X k Y d−i is u

X k(t+1)−i+2 Y kt−i+2 and the image in Ft+2 is u

X k(t+1)−i+2 Y kt−i+2

+(2u−1 −2)(k(t+1)−i+2)−2u +4

.

2

Lemma 3.5 implies that the putative monomial X k Y d−i in F is mapped to a monomial in Ft+2 of degree k(2u−1 (t + 1) − 1) − 2u−1 i + 2u + 2. In particular, since u ≥ 2 by Lemma 3.1, this degree is congruent to k modulo 2. Define o(i) =

2u−1 (t + 1) − 1 − 2u−1 i + 2u + 2 ν(i)

(2

+ 1)(2

u−1

(t + 1) − 1) − 2

u−1

for odd i u

i + 2 + 2 for even i

and e(i) =

2z (2u−1 (t + 1) − 1) − 2u−1 i + 2u + 2 2

ν(i)

(2

u−1

(t + 1) − 1) − 2

u−1

for odd i

u

i + 2 + 2 for even i,

n where z is determined as follows. If i = n≥0 an 2 with an ∈ {0, 1} is the base-2 expansion of i, then z is the smallest positive integer n such that an = 0. Note that z ≥ 1 for odd i. Recall our assumption that f contains no monomials whose degree is a power of two and that f is not the zero polynomial. Lemmas 2.5 and 3.5 imply that, among all monomials with coefficient Ai in Ft+2 , the smallest odd degree is o(i) and, if i + 1 is not a power of two, then the smallest even degree is e(i) (if i + 1 is a power of two, then there are no monomials in Ft+2 of even degree with coefficient Ai ). Accordingly, define m = min{o(i) : Ai = 0}.

(6)

We shall first prove some properties of this number. Lemma 3.6. We have m = o(i) for some uniquely determined i. Proof. Suppose for a contradiction that m = o(i) = o(i ) for some integers i = i . We first show that one of i and i is odd and the other is even. If i and i are both odd or

552

D. Bartoli, K.-U. Schmidt / Journal of Algebra 535 (2019) 541–555

more generally ν(i) = ν(i ), then we force i = i , a contradiction. If i and i are both even and ν(i) < ν(i ), then we obtain using u ≥ 2 by Lemma 3.1 o(i ) − o(i) ≡ 2ν(i)

(mod 2ν(i)+1 ),

contradicting o(i) = o(i ). This proves our claim and so we can assume without loss of generality that i is even and i is odd. Next we show that e(i) = 2. If there is an even j such that e(j) < e(i) and Aj = 0, then it follows immediately from the definitions that o(j) < o(i), which contradicts m = o(i). If there is an odd j such that e(j) < e(i) and Aj = 0, then o(j) < e(j) < e(i) < o(i), which again contradicts m = o(i). Hence e(i) is the smallest even degree of a monomial in Ft+2 . Since Ft+2 contains the monomial X 2 and no monomials of smaller degree, we find that e(i) = 2. Since i is even and e(i) = 2, we obtain o(i) = 2u−1 (t + 1) + 1. The equality o(i) = o(i ) then gives 2u−1 i = 2u , so i = 2, contradicting that i is odd. 2 Lemma 3.7. Every monomial in Ft+2 of degree strictly less than m has even degree in X and even degree in Y . Proof. Let i be an integer such that Ai = 0. If i is odd, then o(i) < e(i), and so o(i) is the smallest degree of a monomial in Ft+2 with coefficient Ai . Hence, if there is a monomial in Ft+2 of even degree less than o(i) with the same coefficient Ai , then i must be even. By Lemma 3.5, such a monomial has degree k(2u−1 (t + 1) − 1) − 2u−1 i + 2u + 2. Since u ≥ 2 by Lemma 3.1, we force k to be even. It then follows from Lemma 3.5 that this monomial has even degree in X and even degree in Y . 2 We now complete the proof of Theorem 1.1. Proof of Theorem 1.1. Recall the definition of m from (6). Put H0 = Ft+2 and define H1 , H2 , . . . , H(m−1)/2 recursively by Hi+1 (X, Y ) =

Hi (X, ci X + XY ) , X2

where ci is such that c2i is the coefficient of X 2 in Hi . Note that Hi+1 is obtained from Hi by a variable substitution (X, Y ) → (X, ci X + Y ) followed by the transformation

D. Bartoli, K.-U. Schmidt / Journal of Algebra 535 (2019) 541–555

553

g(X, Y ) → g(X, XY )/X 2 . We shall see that H1 , H2 , . . . , H(m−1)/2 are indeed polynomials and that the tangent cone of H(m−1)/2 equals αX for some nonzero α ∈ Fq , which then leads to a contradiction by Proposition 2.4. By Lemma 3.6, the polynomial H0 = Ft+2 contains a unique monomial of degree m, and so H0 (X, c0 X + Y ) contains αX m for some nonzero α ∈ Fq . Lemma 3.7 asserts that every monomial in H0 of degree strictly less than m has even degree in X and even

degree in Y . Since nk is even for even n and odd k by Lemma 2.5, the images of such monomials in H1 , H2 , . . . , H(m−1)/2−1 also have even degree in X and even degree in Y . Hence the tangent cones of H1 , H2 , . . . , H(m−1)/2−1 have degree two and never contain XY . This also implies that H1 , H2 , . . . , H(m−1)/2 are indeed polynomials and that the tangent cone of H(m−1)/2 equals αX. 2 4. Proof of Proposition 1.4 We now give a proof of Proposition 1.4. As before, let q be a power of two and let f ∈ Fq [X] be a polynomial in which the degree of every monomial is not a power of two. Again there is no loss of generality since the addition of a 2-polynomial preserves the APN property of the function induced by f . Define the polynomial ψ(X, Y, Z) =

f (X) + f (Y ) + f (Z) + f (X + Y + Z) . (X + Y )(X + Z)(Y + Z)

It is well known (see [22, Proposition 3.1], for example) that f induces an APN function on Fq if and only if all Fq -rational points on the affine surface defined by ψ(X, Y, Z) = 0 satisfy (X + Y )(X + Z)(Y + Z) = 0. Write

f=

d 

Ai X i ,

i=0

where Ad = 0. Then the homogenised form of ψ is  ψ(X, Y, Z, T ) =

d  i=3

Ai

X i + Y i + Z i + (X + Y + Z)i d−i T . (X + Y )(X + Z)(Y + Z)

As for planar functions, we consider the affine curve defined by F (X, Y ) = 0, where  F (X, Y ) = ψ(X, 1, X + 1, Y ). We have

F (X, Y ) =

d  i=3

and, after expanding,

Ai

X i + 1 + (X + 1)i d−i Y (X + 1)X

554

D. Bartoli, K.-U. Schmidt / Journal of Algebra 535 (2019) 541–555

F (X, Y ) =

d  i=3

Ai Y

d−i

   i−1   i−1 + 1 X k−1 . k

k=1

If f induces an APN function on Fq , then all Fq -rational points of the affine curve defined by F (X, Y ) = 0 satisfy XY (X + 1) = 0. Now assume that d ≤ q 1/4 and d ≡ 2 (mod 4). Then F (0, 0) = 0 and Lemma 2.5 implies that the tangent cone of F equals Ad X + Ad−1 Y . Since Ad = 0, we find from Lemma 2.3 that F has an absolutely irreducible factor over Fq . An argument that is almost identical to that used in the proof of Proposition 2.1 then shows that the curve defined by F (X, Y ) = 0 has Fq -rational points not on one of the lines X = 0, Y = 0, or X = 1. Hence f cannot be APN on Fq . Acknowledgments Daniele Bartoli was partially supported by the Italian Ministero dell’Istruzione, dell’Università e della Ricerca (MIUR) and the Gruppo Nazionale per le Strutture Algebriche, Geometriche e le loro Applicazioni (GNSAGA-INdAM). This work was carried out when the first author was visiting Paderborn University under the programme “Research Stays for University Academics and Scientists” funded by the German Academic Exchange Service (DAAD). References [1] Y. Aubry, G. McGuire, F. Rodier, A few more functions that are not APN infinitely often, in: Finite Fields: Theory and Applications, in: Contemp. Math., vol. 518, Amer. Math. Soc., Providence, RI, 2010, pp. 23–31. [2] D. Bartoli, Y. Zhou, Exceptional scattered polynomials, J. Algebra 509 (2018) 507–534. [3] L. Budaghyan, C. Carlet, A. Pott, New classes of almost bent and almost perfect nonlinear polynomials, IEEE Trans. Inform. Theory 52 (3) (2006) 1141–1152. [4] C. Carlet, C. Ding, J. Yuan, Linear codes from perfect nonlinear mappings and their secret sharing schemes, IEEE Trans. Inform. Theory 51 (6) (2005) 2089–2102. [5] F. Caullery, K.-U. Schmidt, On the classification of hyperovals, Adv. Math. 283 (2015) 195–203. [6] F. Caullery, K.-U. Schmidt, Y. Zhou, Exceptional planar polynomials, Des. Codes Cryptogr. 78 (3) (2016) 605–613. [7] M. Delgado, The state of the art on the conjecture of exceptional APN functions, Note Mat. 37 (1) (2017) 41–51. [8] P. Dembowski, T.G. Ostrom, Planes of order n with collineation groups of order n2 , Math. Z. 103 (1968) 239–258. [9] N.J. Fine, Binomial coefficients modulo a prime, Amer. Math. Monthly 54 (1947) 589–592. [10] M.D. Fried, M. Jarden, Field Arithmetic, 3rd ed., Springer-Verlag, Berlin, 2008. [11] M.J. Ganley, E. Spence, Relative difference sets and quasiregular collineation groups, J. Combin. Theory Ser. A 19 (1975) 134–153. [12] F. Hernando, G. McGuire, Proof of a conjecture on the sequence of exceptional numbers, classifying cyclic codes and APN functions, J. Algebra 343 (2011) 78–92. [13] F. Hernando, G. McGuire, Proof of a conjecture of Segre and Bartocci on monomial hyperovals in projective planes, Des. Codes Cryptogr. 65 (3) (2012) 275–289. [14] S. Hu, Sh. Li, T. Zhang, T. Feng, G. Ge, New pseudo-planar binomials in characteristic two and related schemes, Des. Codes Cryptogr. 76 (2) (2015) 345–360. [15] H. Janwa, R.M. Wilson, Hyperplane sections of Fermat varieties in P3 in char. 2 and some applications to cyclic codes, in: Applied Algebra, Algebraic Algorithms and Error-Correcting Codes, San Juan, PR, 1993, in: Lecture Notes in Comput. Sci., vol. 673, Springer, Berlin, 1993, pp. 180–194.

D. Bartoli, K.-U. Schmidt / Journal of Algebra 535 (2019) 541–555

555

[16] S. Kopparty, S. Yekhanin, Detecting rational points on hypersurfaces over finite fields, in: IEEE Conference on Computational Complexity, IEEE Computer Society, 2008, pp. 311–320. [17] E. Leducq, Functions which are PN on infinitely many extensions of Fp , p odd, Des. Codes Cryptogr. 75 (2) (2015) 281–299. [18] P. Müller, M.E. Zieve, Low-degree planar monomials in characteristic two, J. Algebraic Combin. 42 (3) (2015) 695–699. [19] K. Nyberg, L.R. Knudsen, Provable security against differential cryptanalysis, in: Advances in Cryptology, CRYPTO ’92, Santa Barbara, CA, 1992, in: Lecture Notes in Comput. Sci., vol. 740, Springer, Berlin, 1993, pp. 566–574. [20] A. Pott, Almost perfect and planar functions, Des. Codes Cryptogr. 78 (1) (2016) 141–195. [21] L. Qu, A new approach to constructing quadratic pseudo-planar functions over F2n , IEEE Trans. Inform. Theory 62 (11) (2016) 6644–6658. [22] F. Rodier, Borne sur le degré des polynômes presque parfaitement non-linéaires, in: Arithmetic, Geometry, Cryptography and Coding Theory, in: Contemp. Math., vol. 487, Amer. Math. Soc., Providence, RI, 2009, pp. 169–181. [23] Z. Scherr, M.E. Zieve, Some planar monomials in characteristic 2, Ann. Comb. 18 (4) (2014) 723–729. [24] K.-U. Schmidt, Y. Zhou, Planar functions over fields of characteristic two, J. Algebraic Combin. 40 (2) (2014) 503–526. [25] Y. Zhou, (2n , 2n , 2n , 1)-relative difference sets and their representations, J. Combin. Des. 21 (2013) 563–584. [26] M.E. Zieve, Planar functions and perfect nonlinear monomials over finite fields, Des. Codes Cryptogr. 75 (1) (2015) 71–80.